Protecting crowded places from terror attack

NZ Security Magazine, Oct/Nov 2017

New Australian counter-terror strategy places responsibility for resilience on businesses.

The Australian Government has launched a new national strategy for protecting crowds from terror attack. Launched in August by Prime Minister Malcolm Turnbull, ‘Australia’s Strategy for Protecting Crowded Places from Terrorism’ puts the onus for threat preparedness on businesses and recommends they engage licensed security consultants, writes Nicholas Dynon.

At a press conference to launch the strategy, Prime Minister Turnbull said terror attacks in Paris, London, Berlin and Barcelona showed that terrorists targeted crowded places.

According to the new document, attacks on crowded places overseas, “demonstrate how basic weapons— including vehicles, knives, and firearms — can be used by terrorists to devastating effect.” Congested places such as stadiums, shopping centres, pedestrian malls, and major events, it explains, “will continue to be attractive targets for terrorists.”

The objective of the Strategy is to “protect the lives of people working in, using, and visiting crowded places by making these places more resilient.” According to its authors, its success rests on “strong and sustainable partnerships across Australia between governments and the private sector to better protect crowded places.”

Little-known in New Zealand

Released by the Attorney-General’s Department in Canberra, the strategy was developed in conjunction with state and territory governments, local government, police and the private sector. Yet strangely, the document appears to have been published by the Australia New Zealand Counter Terrorism Committee (ANZCTC), a high-level body comprised of representatives from the Australian federal and state and territory governments and the New Zealand Government.

New Zealand involvement, however, appears to have been in name only, with the document clearly focused on Australia. Its official launch, which made big news in the Australian press, received scant coverage in the New Zealand media, and there has been no public mention of it out of Wellington.

Indeed, enquiries made by NZ Security have revealed that despite the fanfare that accompanied the document’s release across the Tasman, very few security professionals in this country are aware of this ANZCTC strategy.

In a way, this is unsurprising. It’s widely acknowledged that New Zealand’s terror threat profile is significantly different to that of Australia, and that Australia’s threat level of ‘Probable’ places that country in an altogether higher risk context. Nevertheless, would such a strategy be potentially relevant or helpful in the New Zealand context?

“There is nothing wrong with piggy-backing on a bigger neighbour with more resources to address these issues and with whom we may need interoperability. However, it needs to have a commitment to resources at New Zealand’s end of it. Where those New Zealand resources are is not clear in the documents.”

“I think the strategy is potentially very relevant for New Zealand and certainly presents a very good case for a wider uptake of our Protective Security Requirements (PSR),” he said.

“Do we want to experience a hostile attack in a crowded place before such a method of attack makes it onto our threat profile? I think not.”

Enjoying this article? Consider a subscription to the print edition of NZ Security Magazine.

Critiquing the strategy

Although some critics have suggested that it represents more of a ‘placebo effect’ than an effective approach to resilience against terrorist attacks in public places, there has been very little criticism of the strategy across the Tasman.

However, one area in which the strategy has stirred up some debate has been the extent to which it places responsibility for threat preparedness and resilience on the owners of businesses operating in crowded places.

“Owners and operators of crowded places have the primary responsibility for protecting their sites,” it states, “including a duty of care to take steps to protect people that work, use, or visit their site from a range of foreseeable threats, including terrorism.”

Carlton considers the strategy to be reasonable in this regard. “Simply finding out who operates a potentially targeted area would be an arduous task. The trick is letting operators know they are responsible and then where to get information.”

According to Lincoln, any potential barrier to the uptake of the strategy would probably fall in this area. “It could be argued that the reasonable duty of care is being stretched to include acts of terrorism and that this is not fair and the responsibility is being placed on the owners and operators.”

“Obvious complaints would include cost of implementation and many would argue that they cannot afford it and it is therefore unreasonable.”

At the same time, he sees these businesses as having a duty of care in the context of a terror attack. “People who are under threat and cannot egress an area will take or seek shelter in businesses, [so] the duty of care can change very quickly. They can have an emergency egress by way of “back of house” not available under normal operating conditions.”

Public-Private engagement

The Strategy invites businesses to join ‘State and Territory Crowded Places Forums’, which are envisaged as “a vehicle for fostering local networks and partnerships to ensure all stakeholders are as well connected as possible.” It also indicates that businesses will receive government support in implementing the strategy.

Could such an engagement model be of benefit in New Zealand?

Carlton, who suggested such a model in an article on an intelligence-led approach to the Rugby World Cup in 2011, sees benefit but also difficulties – “it needs to happen but it’s hard to do.”

“These public-private intelligence clearing houses are used in the United States. I first saw one in an ASIS article on securing the Democratic National Convention in 2008. So, I’m a big fan of this approach (bringing in University academics also).

The problem in New Zealand is the paring of Police services to the absolute minimum. To do a new thing means taking resources away from another area. The churn in staff also makes establishing public-private relationships very difficult,” he said.

Avoiding DIY security

The strategy provides a suite of guidance documents relating to specific threats, such as vehicular attacks, chemical attacks, improvised explosive devices and active shooters. Documents include guidelines, security audits and self-assessment tools, which are aimed at assisting owners and operators to understand and implement protective security measures.

But could this promote a DIY approach to security by untrained civilians? And could the shifting the responsibility onto businesses result in suboptimal compliance-driven outcomes?

According to Carlton, the Health and Safety at Work Act 2015 (HASAWA) makes it clear that in the New Zealand context, a 'Person Conducting a Business or Undertaking' (PCBU) must think of security. “If they are smart enough to consider this threat to the space they control and to look up these documents, they would also be smart enough to realise they need expert help.”

“My main concern would be people wishing to avoid cost, copying and pasting these documents into their own policies or standard operating procedures without doing the homework necessary to make these plans a success or [without] ever drilling the procedure.

"Having seen the security efforts of a few shopping centres recently, this is a real concern. Actually protecting people – to the right level – should be the focus of the security effort, not legal compliance.”

Lincoln is of the opinion that the audit and self-assessment documents are easy to understand and should pose no problems for business operators. But he too warns of substandard outcomes “if business owners and operators choose to do their own risk assessments and implement their own protective security measures to avoid the cost of using qualified professionals.”

Licensed security consultants

The strategy states that in many cases, owners and operators will be required to seek further advice from private security professionals, but Lincoln believes the document should go further to encourage or compel the use of licensed security consultants.

“It is not clear whether it is a requirement of the strategy or simply that owners and operators will need advice because they will not know what they are required to do.”

Carlton suggests that the type of experience a security consultant has is important, particularly if one were to apply this to the New Zealand licensing context.

“There will be alarm and CCTV sales people offering advice in this area (these people are actually called “consultants” under the New Zealand Private Security Personal and Private Investigators Act 2010) so the purchaser of that advice needs to be con dent that they are qualified to make assessments in this area.”

He knows a thing or two about making crowded places more resilient from attack. As Auckland Live’s Safety and Security Manager, Dean recently orchestrated a major active shooter training exercise at Auckland’s Aotea Centre involving centre staff, security personnel, local police and Armed Offenders Squad, and a range of emergency services and other stakeholders.

“ASIS members come to the fore around this subject because they have all of the tools available including the numerous white papers and guidelines within the ASIS library,” he said. “There are many documents that universities, hospitals, public spaces around the world have developed. So, you can go in there and see what the best practice is.”

Not all security consultants, he points out, are necessarily going to be strong in the area of crowded place resilience against terror attack. “Weapons attack, for example, is not the sort of area where you have hundreds of thousands of people who’ve got the experience, but people inside our network are able to point you in the direction of the right specialists.”

“Once you’re inside the ASIS network in New Zealand we have access to 100 professionals, whether they be professional managers, facilities managers, security consultants. If you want to go outside New Zealand, global membership allows you to connect with up to 30-40,000 similar types of people.”

Dean believes that ASIS board certification (CCP, PSP and PCI) should become a “qualification of choice”, or baseline qualification, not just for security consultants but also for security professionals in security management and advisory roles within businesses and government ministries. “It’s an ongoing commitment”, he said, “once you get your certification you have to requalify every three years through professional development points program.”

Australia’s Strategy for Protecting Crowded Places from Terrorism and its supplementary materials are available at www.nationalsecurity.gov.au.